Dh parameters serialization (#3504)

* Support DH parameter serizalization - no X9.42 * Support X9.42 serialization - DER not working * Fix dhp_rfc5114_2.der Changing the DER parameters serialization after the fix in openssl commit a292c9f1b835 * DH parameters X9.42 DER serialization fixed * fix _skip_dhx_unsupported * document DH parameter_bytes * PEP8 fixes * Document load_pem_parameters * Document load_der_parameters * document ParameterFormat * Increase test coverage * Increase test covrage * Remove unneeded check * Fix typo * Fix error in load_der_parameters * Add load_pem_parameters and load_der_parameters to interfaces * CR fixes * Removed unverified phrase * Update version to 2.0 * Fix pep8 * Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter * link pkcs3 * Add new line at end of file to serialization.rst * Rename DHparameters to PKCS3 * doc CR fix
author: Aviv Palivoda <palaviv@gmail.com> 2017-06-24 22:00:28 +0300
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-06-24 09:00:28 -1000
commit: 6b08aba7f1eb296461528328a3c9871fa7594fc4 (patch)
tree: bdf2bbbd1fc71815b97cafc02a747d428ce4b464 /src/cryptography/hazmat/backends/openssl/backend.py
parent: 1cff0c08cfc7385f46a188f13f08ca5a87f85b48 (diff)
download: cryptography-6b08aba7f1eb296461528328a3c9871fa7594fc4.tar.gz
cryptography-6b08aba7f1eb296461528328a3c9871fa7594fc4.tar.bz2
cryptography-6b08aba7f1eb296461528328a3c9871fa7594fc4.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d17b38ca..5458a0f8 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1007,6 +1007,17 @@ class Backend(object):
             else:
                 self._handle_key_loading_error()
 
+    def load_pem_parameters(self, data):
+        mem_bio = self._bytes_to_bio(data)
+        # only DH is supported currently
+        dh_cdata = self._lib.PEM_read_bio_DHparams(
+            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL)
+        if dh_cdata != self._ffi.NULL:
+            dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
+            return _DHParameters(self, dh_cdata)
+        else:
+            self._handle_key_loading_error()
+
     def load_der_private_key(self, data, password):
         # OpenSSL has a function called d2i_AutoPrivateKey that in theory
         # handles this automatically, however it doesn't handle encrypted
@@ -1063,6 +1074,28 @@ class Backend(object):
             else:
                 self._handle_key_loading_error()
 
+    def load_der_parameters(self, data):
+        mem_bio = self._bytes_to_bio(data)
+        dh_cdata = self._lib.d2i_DHparams_bio(
+            mem_bio.bio, self._ffi.NULL
+        )
+        if dh_cdata != self._ffi.NULL:
+            dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
+            return _DHParameters(self, dh_cdata)
+        elif self._lib.Cryptography_HAS_EVP_PKEY_DHX:
+            # We check to see if the is dhx.
+            self._consume_errors()
+            res = self._lib.BIO_reset(mem_bio.bio)
+            self.openssl_assert(res == 1)
+            dh_cdata = self._lib.Cryptography_d2i_DHxparams_bio(
+                mem_bio.bio, self._ffi.NULL
+            )
+            if dh_cdata != self._ffi.NULL:
+                dh_cdata = self._ffi.gc(dh_cdata, self._lib.DH_free)
+                return _DHParameters(self, dh_cdata)
+
+        self._handle_key_loading_error()
+
     def load_pem_x509_certificate(self, data):
         mem_bio = self._bytes_to_bio(data)
         x509 = self._lib.PEM_read_bio_X509(
@@ -1618,6 +1651,36 @@ class Backend(object):
                 serialization._ssh_write_string(public_numbers.encode_point())
             )
 
+    def _parameter_bytes(self, encoding, format, cdata):
+        if encoding is serialization.Encoding.OpenSSH:
+            raise TypeError(
+                "OpenSSH encoding is not supported"
+            )
+
+        # Only DH is supported here currently.
+        q = self._ffi.new("BIGNUM **")
+        self._lib.DH_get0_pqg(cdata,
+                              self._ffi.NULL,
+                              q,
+                              self._ffi.NULL)
+        if encoding is serialization.Encoding.PEM:
+            if q[0] != self._ffi.NULL:
+                write_bio = self._lib.PEM_write_bio_DHxparams
+            else:
+                write_bio = self._lib.PEM_write_bio_DHparams
+        elif encoding is serialization.Encoding.DER:
+            if q[0] != self._ffi.NULL:
+                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
+            else:
+                write_bio = self._lib.i2d_DHparams_bio
+        else:
+            raise TypeError("encoding must be an item from the Encoding enum")
+
+        bio = self._create_mem_bio_gc()
+        res = write_bio(bio, cdata)
+        self.openssl_assert(res == 1)
+        return self._read_mem_bio(bio)
+
     def generate_dh_parameters(self, generator, key_size):
         if key_size < 512:
             raise ValueError("DH key_size must be at least 512 bits")
author	Aviv Palivoda <palaviv@gmail.com>	2017-06-24 22:00:28 +0300
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-06-24 09:00:28 -1000
commit	6b08aba7f1eb296461528328a3c9871fa7594fc4 (patch)
tree	bdf2bbbd1fc71815b97cafc02a747d428ce4b464 /src/cryptography/hazmat/backends/openssl/backend.py
parent	1cff0c08cfc7385f46a188f13f08ca5a87f85b48 (diff)
download	cryptography-6b08aba7f1eb296461528328a3c9871fa7594fc4.tar.gz cryptography-6b08aba7f1eb296461528328a3c9871fa7594fc4.tar.bz2 cryptography-6b08aba7f1eb296461528328a3c9871fa7594fc4.zip